This is probably this upstream bug report which concerns some
brokenness with the Define directive:
https://issues.apache.org/bugzilla/show_bug.cgi?id=57328
The config on serverfault shows that you used Define:
IfModule mod_alias.c
IfModule mod_cgi.c
Define
On Wednesday 11 February 2015 20:19:41, Victor Porton wrote:
It produces errors like the following on unexistent .htaccess files.
There should be no such message.
[Wed Feb 11 20:05:51 2015] [crit] [client 220.181.108.140]
(13)Permission denied:
On Monday 09 February 2015 16:34:02, Jean-Michel Nirgal Vourgère
wrote:
What is your opinion on that problem?
That's a valid feature request. But for after jessie.
Do you see a more generic way to restrict tor incoming connections
so that it doesn't match require local filter?
I don't have
Hi Niels,
On Tuesday 27 January 2015 21:44:34, Niels Thykier wrote:
I have taken the liberty of closing this bug now. Should you have
any remarks to the patch / wording, please do not hesitate to let
me know (or file a new bug).
Thank you very much for your help. That was on my todo list but
On Friday 20 March 2015 02:36:36, Daniel Kahn Gillmor wrote:
make-ssl-cert appears to create the secret key material and then
chmod it to restrict permissions. This leaves a race condition
where a non-privileged user on the system can read the file before
the permissions change takes effect,
You need to provide more information.
How do you use squirrelmail/roundcube? With mod_php or with fcgi or
with some other config? Reverse proxy?
Does your ssl config may cause renegotiation to occur? For example, do
you have any ssl related directives in per-directory or per-location
Hi,
On Mon, 12 Jan 2015, Francois Marier wrote:
After upgrading from 2.2.22-13+deb7u3 to 2.2.22-13+deb7u4, Apache refused to
start on my server with this error message in /var/log/apache2/error.log:
[error] Server should be SSL-aware but has no certificate configured [Hint:
On Mon, 12 Jan 2015, Harald Dunkel wrote:
Actually I don't see any reason why apache2 should unconditionally
listen on 80/tcp for a https-only setup, so I wonder if ports.conf
could be moved to conf.d to support a2disconf?
As ports.conf does not contain anything else, editing it should not
Hi,
On Tuesday 05 May 2015 14:01:56, Michael Ablassmeier wrote:
we recently migrated over an OTRS instance from another system to
debian jessie and it appears we may have the same issue, sporadic
segfauls, but we do not use the event_mpm but the default worker:
[Tue May 05 13:02:19.929973
Hi Chris,
On Tuesday 24 February 2015 09:36:58, Chris Boot wrote:
We have been experiencing segmentation faults in apache2 when using
the event MPM in jessie. These manifest themselves with log entries
I have uploaded a fix to unstable. It would be great if you could grab
2.4.10-11 from there
On Wednesday 20 May 2015 19:13:47, Jean-Michel Vourgère wrote:
apache2.4 is still not moving to testing, because of packages having
dependencies on removed transitionnal packages.
The daily cruft-repport [1] lists the problems:
Thanks for the bug reports.
* ikiwiki-hosting-web depends on
Hi Jean-Michel,
On Sunday 07 June 2015 01:07:34, Jean-Michel Vourgère wrote:
Now that the transitional packages are gone, I did some cleanup in
the (pre|post)(rm|inst):
- Removed the configuration file hacks to move them around between
packages. - Removed the
Package: ftp.debian.org
Severity: normal
cruft-report has:
* source package apache2 version 2.4.12-2 no longer builds
binary package(s): apache2-mpm-event apache2-mpm-itk apache2-mpm-prefork
apache2-mpm-worker apache2-suexec apache2.2-bin apache2.2-common
libapache2-mod-macro
severity 790943 normal
thanks
On Friday 03 July 2015 10:56:54, Daniel Pocock wrote:
I've marked this bug serious because it could lead to security
problems if people mix root certs and other certs in the same
directory
The certificates generated by make-ssl-cert all have X509v3 Basic
On Tue, 18 Aug 2015, Takatsugu Nokubi wrote:
Sorry fo late reply.
I tried it with rebuilded deb because I use i386 arch.
So it seems to work fine.
Thanks for the testing
Stefan
The apache2-module-depends-on-real-apache2-package appears to either be
bogus or be pointing to a bug in dh_apache2.
yes, we have changed dh_apache2 recently and without much preparation
because that was needed for a subversion security update.
I think the lintian check will have to be
On Monday 20 July 2015 13:33:04, Jean-Michel Vourgère wrote:
We want to backport that to jessie, don't we? I mean a minimal fix.
Yes, we do.
--
To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
Hi,
On Sunday 02 August 2015 14:14:11, Felicitus wrote:
[Sun Aug 02 13:19:52 2015] [error] Failed to configure CA
certificate chain!
Please try the version from https://people.debian.org/~sf/794383/
and check if it either fixes the problem or at least gives some
more information in the error
On Saturday 08 August 2015 00:25:37, Felicitus wrote:
Please try the version from https://people.debian.org/~sf/794383/
and check if it either fixes the problem or at least gives some
more information in the error log. You may either replace all
packages with dpkg or only the
On Saturday 08 August 2015 11:38:14, Andreas Beckmann wrote:
during a test with piuparts I noticed your package failed the
piuparts upgrade test because dpkg detected a conffile as being
modified and then prompted the user for an action. As there is no
user input, this fails. But this is not
On Saturday 08 August 2015 09:34:52, Andreas Beckmann wrote:
With apache2.2-common being gone this should be rather easy.
IIRC these conffiles were taken over by the apache2 package, so
all that should be needed are unversioned
Breaks+Replaces: apache2.2-common
in the apache2
AFAICS, this happens when one upgrades from wheezy from a state where
only apache2.2-common is installed but not apache2. There is a bug in
apache2's preinst in jessie that makes it not recognize this case and
not execute the conffile handling.
While I think I have a fix, I am not not
reassign 789914 apache2
found 789914 2.4.10-3
thanks
This also affects jessie + stretch.
On Thursday 25 June 2015 10:27:59, Andreas Beckmann wrote:
Enabling conf serve-cgi-bin.
Enabling site 000-default.
info: mpm_prefork: No action required
This is wrong. There seems to be a ! that
On Sun, 12 Jul 2015, Adam D. Barratt wrote:
On Sun, 2015-07-12 at 11:43 +0200, Stefan Fritsch wrote:
#789914 affects jessie + stretch, too. I have added a 'found' to the
bts so it should now migrate. I would prefer to have the current
package migrate before a new upload.
Was that mail
On Thursday 09 July 2015 14:35:17, Jean-Michel Vourgère wrote:
Ops, actually, the message changed, and #789914 now seems to be the
source of the migration blockade.
#789914 affects jessie + stretch, too. I have added a 'found' to the
bts so it should now migrate. I would prefer to have the
[ Stefan Fritsch ]
* Fix upgrade logic: When upgrading from wheezy with apache2.2-common
but without apache2 installed to jessie, part of the conffile handling
logic would not run, causing outdated conffile content to be kept.
This is part of the solution for bug #794933
Hi Carlos,
On Friday 28 August 2015 15:02:11, Ondřej Surý wrote:
On Fri, Aug 28, 2015, at 00:43, Carlos C Soto wrote:
Same problem here but I'm running Debian 8.1
Package: libapache2-mod-php5
Version: 5.6.12+dfsg-0+deb8
Architecture: amd64
Configuring libapache2-mod-php5
On Monday 30 November 2015 10:09:09, Harald Dunkel wrote:
> Package: apache2
> Version: 2.4.10-10+deb8u3
>
> I get a reproducible segmentation fault if I do a git clone
> over http (using simple http, not "smart http", not https).
> See attached debug output (thread 4).
>
> git is version 2.4.6.
On Saturday 02 January 2016 14:32:01, Aleksandr Opachev wrote:
> Process apache2 restart every minute. I'm not find answer in google.
> I'd tried disable mod_php5 and mod_ssl.
It seems rather unlikely to me that this is a bug in apache2, or more
people would experience it. Probably something
On Friday 01 January 2016, 20:18:02 you wrote:
> I have a brand new installed Debian Jessie 64bit and Debian GUI
> won't start if apache2 is installed (see picture in attach).
>
>
> The only way to fix this is to start Debian on debug mode and remove
> apache2. When apache2 is removed the system
On Wednesday 09 December 2015 14:38:28,
questionmark.billi...@gmail.com wrote:
> As I’m sure that you all already know, support for HTTP/2 (via
> mod_http2, mod_h2, and others) is now available for upstream
> Apache. When do we (normal Debian repo users) get HTTP/2 support?
> Is this something
Hi,
On Saturday 21 November 2015 04:25:38, Vieno Foo wrote:
>* What led up to the situation?
> less /etc/apache2/conf-available/security.conf
>
>* What was the outcome of this action?
> finding Apache2.2 syntax at the first example of a entry
>
>* What outcome did you expect
On Tuesday 01 September 2015 13:35:11, Vitaliy Okulov wrote:
>* What led up to the situation?
> Install apache2-mpm-itk and exim4. Configure apache vhost to some
> user and group.
>
>* What exactly did you do (or not do) that was effective (or
> ineffective)?
> Add vhost, set
reassign 779077 libapache2-mod-fcgid
found 779077 1:2.3.9-1
affects 779077 apache2
thanks
On Tuesday 03 November 2015 13:02:00, Chris Boot wrote:
> We've just hit the same crash again, but on a different server for a
> different client of ours. This time it was an upgrade from Wheezy
> to Jessie,
On Monday 06 June 2016 08:24:50, Daniel Pocock wrote:
> CAs, browser vendors and other software developers are actively
> disabling SHA-1 support and shifting to the SHA-2 (SHA-256) digest
> algorithm.
There are two relevant uses of SHA-1 that I know of.
As MAC algorithm in the TLS cipher suite.
On Tue, 10 May 2016, Niko Tyni wrote:
> On Mon, May 09, 2016 at 09:49:13PM +0300, Niko Tyni wrote:
>
> > I intend to disable the test in libapache2-mod-perl2 for now until
> > a better solution is found.
>
> Done in 2.0.9-5 which I just uploaded.
>
> > Do you want to track the apache2 crash
>
tags 714083 -patch
thanks
the special casing in a2enmod has been removed. This would have to be
solved by renaming the default-ssl.conf file (and appropriate handling in
the maintainer scripts)
Here is a status update.
In 2.4.10-10+deb8u2 in the Debian 8.2 point release, I have included this
fix:
* Fix upgrade logic: When upgrading from wheezy with apache2.2-common
but without apache2 installed to jessie, part of the conffile handling
logic would not run, causing outdated
On Mon, 26 Oct 2015, Valentin Vidic wrote:
> I noticed the connection to the memcache server is not reused but dropped and
> recreated on every request. This can be checked using tcpdump.
>
> This issue has been reported and fixed upstream in 2.4.17:
>
> *) mod_socache_memcache: Add the
On Tue, 12 Apr 2011, Stefan Fritsch wrote:
> This php version is not from Debian. Can you reproduce the bug with
> Debian Lenny's mod_php?
There has been no response. Closing.
Hi,
I must admit that removing mod_imagemap and mod_cern_meta could have been
handled better. But at the time I really could not imagine that anyone is
still using them. As Bob Proulx has pointed out, there is really no way to
re-introduce them into jessie. For people who need to use them on
Hi Daniel,
On Sun, 6 Mar 2016, Daniel Pocock wrote:
> Should the make-ssl-cert script continue doing the same thing, creating
> Snakeoil certs only?
At least by default, it should. There are quite a few systems that don't
have outside network connection, people may want to use different CAs,
Hi,
can you provide "bt full" of thread 5? Or simply "thread apply all bt
full"?. The "bt full" output you have sent is from a different,
uninteresting thread.
It seems someone passes an invalid pointer to libc's setenv()
function. But it's impossible to say how this happened.
Maybe you want
This is not that easy because of all the logic that we have in the
init script.
One part is about starting/stopping htcacheclean if mod_cache_disk is
enabled. Maybe instead of doing this check at apache2 startup, this
could be split into a separate service and a2enmod could active the
Hi Timo,
thanks for your help.
There are a few more things to consider here. We will still have to
support using sysv-init and init scripts. Also, in practice, support
for apache2 in Debian/Ubuntu is mostly done on upstream mailing lists.
And people expect that apachectl will work correctly.
reassign 820824 apache2
found 820824 2.4.20-1
affects 820824 libapache2-mod-perl2
thanks
Thanks for the report.
On Tuesday 12 April 2016 23:04:42, Niko Tyni wrote:
> Looking at the CI results at
>
> https://ci.debian.net/packages/liba/libapache2-mod-perl2/unstable/a
> md64/ this started
On Wednesday 13 April 2016 23:19:08, Harald Kapper wrote:
> I'd ask for the debian apache team to have a look at this one:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=53999
>
> problem as described: mpm_worker has trouble with SSL while
> mpm_prefork is fine, though prefork eats
On Sunday 17 April 2016 17:09:03, Javier Fernández-Sanguino Peña
wrote:
> Last Monday 11th, DSA had to disable the 'manpages.debian.org' vhost
> service in glinka.debian.org because it was consuming continuously
> a large amount of CPU and affecting other services.
Oh dear...
> Both DSA and I
forcemerge 822144 823349
thanks
On Tuesday 03 May 2016 23:04:48, Tero Marttila wrote:
> pidofproc is unable to read the pidfile, and returns immediately...
Yes, this seems to be a bug in the init script, as pointed out in
#822144
On Dienstag, 27. Oktober 2015 12:51:42 CEST Adam Hupp wrote:
> After upgrading to jessie the apache2 init script reports failure (via
> systemctl) even though it actually starts up correctly.
>
> adam@gaba:~$ sudo /etc/init.d/apache2 start
> Starting apache2 (via systemctl): apache2.serviceJob
On Freitag, 8. Juli 2016 14:28:40 CEST andrej gulyás wrote:
> The error messages started to occur after the following update from 13.
> june 2016.
I don't think that upgrade changed anything that actually caused the problem.
But it is possible that the libssl upgrade triggered a restart of
On Montag, 25. Juli 2016 16:48:31 CEST Florent Mendoza wrote:
> hello, we found that apache occasionally segfault if a ltrace is running on
> it.
> I managed to reproduce this with default config.
> A simple way to reproduce :
> start apache with /usr/sbin/apache2 -X
> attach a ltrace on it :
On Donnerstag, 28. Juli 2016 12:19:16 CEST 積丹尼 Dan Jacobson wrote:
> After upgrading one now gets
>
>Forbidden
>
>You don't have permission to access / on this server.
>Server unable to read htaccess file, denying access to be safe
>
> so one must do
> $ chmod +x any parent
On Thursday, 2 February 2017 18:56:38 CET Julian Gilbey wrote:
> [Thu Feb 02 18:14:44.630796 2017] [core:notice] [pid 3650] AH00052: child
> pid 3696 exit signal Aborted (6)
Please follow the instructions in /usr/share/doc/apache2/README.backtrace and
add a backtrace to this report. Thanks.
On Thursday, 19 January 2017 20:47:15 CET Stefan Fritsch wrote:
> On Tuesday, 17 January 2017 11:59:17 CET Antoine Beaupré wrote:
> > I would need people to start testing the package at this point, not
> > necessarily in production considering how big the change is, but your
&g
On Monday, 20 February 2017 15:27:23 CET Antoine Beaupré wrote:
> > Probably a good idea is to put the packages somewhere and ask for testers
> > on secur...@lists.debian.org.
>
> security@lists.d.o is not a list, as far as i know. there's
> debian-security@lists.d.o, but I never posted there...
Hi,
On Thursday, 23 February 2017 19:14:59 CET Jonas Meurer wrote:
> All right, then we should go for the update. Antoine, do you take care
> of it?
Great work and sorry that I did not have time to help you more.
In case it helps: For stable, I have suggested this text for the DSA to the
anuary 2017 17:03:55 CET Antoine Beaupré wrote:
> On 2017-01-23 15:14:30, Antoine Beaupré wrote:
> > On 2017-01-22 11:25:08, Stefan Fritsch wrote:
> >> Test Summary Report
> >> ---
> >> t/apache/chunkinput.t (Wstat: 0 Tes
tags 851357 wontfix
thanks
Upstream does not intend to change this behavior. See the thread starting at
http://mail-archives.apache.org/mod_mbox/httpd-dev/201702.mbox/
%3C20170202125319.GA15948%40redhat.com%3E
I won't deviate from upstream in the Debian 9 squeeze release, but I will
allow
On Tuesday, 17 January 2017 11:59:17 CET Antoine Beaupré wrote:
> I would need people to start testing the package at this point, not
> necessarily in production considering how big the change is, but your
> comfort level will vary with the severity and complexity of services. :)
There is a
Hi Erik,
On Monday, 5 September 2016 17:21:51 CEST Erik Wasser wrote:
> 1) Is it possible to check against real files with `-f' instead of `-e'
> in the `preinst/obsolete_conffile_exists()' function?
Sounds like a good idea.
> 2) Is this whole obsolete file check really needed for an upgrade
>
This could be fixed by a rebuild of apr, but that failed due to #815477 .
Thanks for the patch. I will take a look next week-end.
Cheers,
Stefan
On Saturday, 5 November 2016 18:04:35 CET Hans van Kranenburg wrote:
> > We support Berkley DB (AuthDBMType db) in apr-util. Are there any
> > advantages of gdbm over db?
>
> Heh. I interpret this question as a suggestive one, suggesting there are
> none.
I really did not know. Thanks for the
On Sunday, 6 November 2016 09:27:18 CET John Gates wrote:
> I have a server that needs to stay PCIDSS compliant and it is complaining
> that apache 2.4.10 is running... When is an update going to be
> available... Do I have to compile my own Apache version? Seems odd that
> stability is favored
Hi Kurt,
On Sunday, 25 September 2016 19:51:08 CET Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
> > tags 828236 + patch
>
> Bug #828236 [src:apache2] apache2: FTBFS with openssl 1.1.0
> Added tag(s) patch.
I am sorry, but I don't feel qualified to review
On Friday, 4 November 2016 23:32:58 CET Hans van Kranenburg wrote:
> I would ask you to consider enabling gdbm support in apr-util so that
> users can use mod_authn_dbm in apache with AuthDBMType GDBM
We support Berkley DB (AuthDBMType db) in apr-util. Are there any advantages
of gdbm over db?
On Monday, 14 November 2016 05:03:45 CET Ondřej Surý wrote:
> > Looking at mod_ssl_openssl.h and the comment in #828330,
> > I'd suggest the change below to add a dependency on libssl1.0-dev
> > to apache2-dev.
>
> And that exactly happens meaning that PHP 7.0 can no longer be built
> unless all
On Monday, 14 November 2016 05:03:45 CET Ondřej Surý wrote:
> > Looking at mod_ssl_openssl.h and the comment in #828330,
> > I'd suggest the change below to add a dependency on libssl1.0-dev
> > to apache2-dev.
>
> And that exactly happens meaning that PHP 7.0 can no longer be built
> unless all
Hi,
[I have trimmed the cc list a bit]
On Wednesday, 16 November 2016 20:36:49 CET Kurt Roeckx wrote:
> On Mon, Nov 14, 2016 at 03:06:44PM -0800, Russ Allbery wrote:
> > Stefan Fritsch <s...@debian.org> writes:
> > > I must admit that I did not think of php when
Hi again,
On Saturday, 12 November 2016 07:51:40 CET Stefan Fritsch wrote:
> If these two packages cannot transition to openssl 1.1.0 before apache2
> does, I suggest that you build with openssl 1.0.2 explicitly and then
> downgrade the bugs and unlink them from the transition bug. I d
On Friday, 18 November 2016 19:20:15 CET Adrian Bunk wrote:
> On Fri, Nov 18, 2016 at 06:10:31AM +0100, Stefan Fritsch wrote:
> > On Friday, 18 November 2016 01:09:53 CET Adrian Bunk wrote:
> > > What does create the dependency in
> > >
> > > https://bugs.
On Friday, 18 November 2016 01:09:53 CET Adrian Bunk wrote:
> On Thu, Nov 17, 2016 at 11:18:57PM +0100, Stefan Fritsch wrote:
> > On Thursday, 17 November 2016 21:39:19 CET Kurt Roeckx wrote:
> > > > That header was created for mod_ssl_ct which provides support fo
On Thursday, 17 November 2016 21:39:19 CET Kurt Roeckx wrote:
> > That header was created for mod_ssl_ct which provides support for
> > certificate transparency. It's quite new and likely that nothing else
> > uses the header. It would probably be acceptable to remove the dependency
> > in
On Thursday, 3 November 2016 13:51:46 CET martin f krafft wrote:
> Nov 3 13:49:49 albatross systemd[1]: Starting Disk Cache Cleaning Daemon
> for Apache HTTP Server... Nov 3 13:49:49 albatross htcacheclean[4246]:
> htcacheclean error: Could not set filepath to
>
On Saturday, 19 November 2016 18:06:44 CET Peter Colberg wrote:
> On Sat, Nov 19, 2016 at 11:58:41PM +0100, Stefan Fritsch wrote:
> > I will move the libssl-dev dependency to a new mod_ssl dev package. That
> > should avoid this issue without having to modify loads of other packag
On Saturday, 19 November 2016 12:39:18 CET Peter Colberg wrote:
> apache2-dev was changed to depend on libssl1.0-dev | libssl-dev (<< 1.1)
> recently (#844160), which has caused a FTBFS in cgit that depends on
> libssl-dev without a version constraint.
>
> I would rather not constrain cgit’s
Hi,
If these two packages cannot transition to openssl 1.1.0 before apache2 does,
I suggest that you build with openssl 1.0.2 explicitly and then downgrade the
bugs and unlink them from the transition bug. I don't have much hope that
apache2 will transition in time for stretch release.
tags 843014 wontfix
thanks
On Thursday, 3 November 2016 07:42:39 CET Heinrich Schuchardt wrote:
> This results in a header like:
> Server: Apache/2.4.10 (Debian)
>
> Sending the Apache and OS version is a waste of bandwidth.
> Unfortunately Apache does not allow to completely suppress this
>
Hi,
On Wednesday, 12 October 2016 15:27:45 CET Brendon Baumgartner wrote:
> We have a relatively busy webserver (about 1-2 million hits per day).
> Recently we experienced some downtime and tracked it to mod_cgid. Once we
> disabled this module, the crashes stopped.
>
> To induce the crash
On Monday, 5 December 2016 21:13:04 CET Salvatore Bonaccorso wrote:
> CVE-2016-8740 was announced for apache, CVE-2016-8740, Server memory
> can be exhausted and service denied when HTTP/2 is used.
There are a few more security issues fixed in the pending 2.4.24 release. I
will wait a bit more
On Saturday, 14 January 2017 19:36:34 CET Ondřej Surý wrote:
> Stefan,
>
> JFTR underscores in domain names are allowed, just not for hostnames. SRV,
> TLSA and other RRs make use of them.
But the character restriction for hostnames is valid for all parts of the FQDN
of a host. From RFC1035
On Saturday, 14 January 2017 12:33:55 CET Jonathan Vollebregt wrote:
> Actually that makes another point: according to RFC952 hostnames are
> allowed only a single period:
>
> http://www.ietf.org/rfc/rfc952.txt
>
> > ::= *["."]
> >::= [*[]]
>
> Unless this was updated in another
reassign 850885 dwww
severity 850885 grave
tags 850885 patch
thanks
On Thursday, 12 January 2017 06:50:16 CET Arjan Opmeer wrote:
> > is correct however, here's the HTTP header part:
> > Content-type: text/html
> > Last modified: Tue Dec 13 14:16:35 2016
> > Content-Disposition:
On Saturday, 14 January 2017 12:19:17 CET Jonathan Vollebregt wrote:
> Does this mean it's now impossible to create virtual hosts in apache for
> domain names with underscores?
>
> Unless they've silently added a DomainName directive somewhere this
> change breaks virtual hosts with
On Friday, 2 December 2016 00:16:24 CET Sebastian Andrzej Siewior wrote:
> is there a reason for gridsite not to go for 3.0 (or backport the
> change) and libssl-dev? Apache stays 1.0 but does not expose anything
> SSL related (unless I read #828236 too quick).
(assuming you meant 1.1 instead of
On Friday, 23 December 2016 18:56:54 CET Niko Tyni wrote:
> This passage in RFC 7230, section 9.4., seems relevant:
>
>A more effective mitigation is to prevent anything other than the
>server's core protocol libraries from sending a CR or LF within the
>header section, which means
Hi Ola,
On Friday, 23 December 2016 23:56:45 CET Ola Lundqvist wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of apache2:
> https://security-tracker.debian.org/tracker/CVE-2016-8743
>
> Would you like to take care of this
On Monday, 13 March 2017 08:07:01 CET Sergio Gelato wrote:
> Now that apache2 includes a native systemd unit, it may be prudent to stop
> assuming that /etc/init.d/apache2 exists. (It's still distributed as part
> of the package, but since it's a configuration file system administrators
> are free
On Thursday, 2 March 2017 16:15:45 CET Thorsten Glaser wrote:
> Apache 2 does not send *any* Content-Type header for plaintext files
> any more,
With "any more", do you mean that this is a regression, i.e. did it work in an
earlier version? If yes, which version?
On Friday, 3 March 2017
Hi Raphael,
On Saturday, 15 July 2017 11:52:49 CEST Raphael Hertzog wrote:
> Hello Stefan,
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of apache2:
> https://security-tracker.debian.org/tracker/CVE-2017-9788
>
> Would you like to
Hi Valentin,
Thanks for the report.
On Friday, 7 July 2017 14:30:59 CEST Valentin Vidic wrote:
> Stopping or restaring apache2 produces an error in kernel log:
>
> # systemctl apache2 stop
>
> Jul 7 14:13:52 stretch kernel: [ 5393.547573] apache2[7588]: segfault at
> 7f7e1113b7a0 ip
reopen 851094
found 851094 2.4.27-2
thanks
On Monday, 17 July 2017 16:57:00 CEST Roberto C. Sánchez wrote:
> I did the deb7u9 update of apache2 and I was not aware of the regression
> either. I wonder if it makes sense for bugs above a certain severity
> affecting versions of a package which are security uploads to show up in
> the
Hi Antoine,
On Wednesday, 19 July 2017 15:45:20 CEST Antoine Beaupre wrote:
> As I mentioned in the #858373 bug report, I started looking at fixing
> the regression introduced by the 2.2.22-13+deb7u8 upload, part of
> DLA-841-1. The problem occurs when a CGI(d) ErrorDocument is configured
> to
Is there anything relevant in the log files?
In the apache error log?
In the output of "journalctl -u apache2.service"?
For the upgrades, if you still know the date, look into /var/log/apt/term.log*
Cheers,
Stefan
On Fri, 4 Aug 2017, John Paul Adrian Glaubitz wrote:
> > Not sure if m68k is alive anymore. The build log urls are not reachable
> > anymore this bug report is no longer useful. Closing.
>
> Well, maybe you should just ask people instead of just closing bug
> reports without further notice?
>
>
Hi Andrew,
On Fri, 4 Aug 2017, Andrew Murphy wrote:
>
> Please add mod_brotli
>
> Note: Originally I raised an Ubuntu bug, but they said raise it upstream
> with you. But I couldn't find a 'new bug' button on debian apache2 package.
The debian bts is email based (unless you use the reportbug
Hi Raphael,
On Tuesday, 20 June 2017 16:38:12 CEST Raphael Hertzog wrote:
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of apache2:
> https://security-tracker.debian.org/tracker/CVE-2017-3167
>
On Wednesday, 4 October 2017 20:41:38 CEST Tiger!P wrote:
> I tried to add a file /etc/systemd/system/apache2.service.d/after.conf
> with the following content:
> 8<
> [Unit]
> Wants=network-online.target
> After=network.target remote-fs.target nss-lookup.target
> network-online.target
>
1 - 100 of 749 matches
Mail list logo
